SELECTIVELY AUDITING ACCESSES TO
ROWS WITHIN A RELATIONAL DATABASE
AT A DATABASE SERVER



Inventor(s): Daniel ManHung Wong, Chon Hei Lei and Patrick F. Sack 



Related Application 

The subject matter of this application is related to the subject matter in a 
co-pending non-provisional application by inventor Daniel ManHung Wong, filed
on the same day as the instant application entitled, "Reforming Queries to 
Selectively Audit Accesses to Rows Within a Relational Database," having serial 
number TO BE ASSIGNED, and filing date TO BE ASSIGNED (Attorney 
Docket No. OR00-01101). 



BACKGROUND 



Field of the Invention 

The present invention relates to providing security in computerized 
databases. More specifically, the present invention relates to a method and an
apparatus for selectively auditing accesses to relational database tables based upon
auditing conditions. 

Related Art 

Databases commonly store highly sensitive data, such as salaries,
corporate financial data, and even classified military secrets. For security reasons
it is essential to be able to audit accesses to this sensitive data. Conventional 
database systems typically provide a general auditing facility that records an audit 
trail containing general information about the user and the query issued. 

However, conventional auditing facilities have a number of shortcomings.
They do not record specific information about the application, the session
environment or most importantly, the query results. Consequently, information
gathered by a conventional auditing facility is frequently insufficient to
reconstruct an event, or even to determine whether access rights have been
violated.

In conventional relational database systems, auditing facilities only record 
information regarding which tables are accessed, not whether certain rows inside a 
given table are accessed. This table-level auditing tends to generate a large 
number of false audit records because many accesses to a given table do not touch 
sensitive data.

What is needed is an auditing mechanism that can specify a finer 
granularity of audit conditions during accesses to relational tables in order to 
minimize the number of false audit records that are generated. 

Another problem in auditing database accesses arises in distributed
database architectures, in which an application located on an application server
sends a query to a database located on a database server. In this type of
distributed architecture, auditing is typically performed by embedding customized
auditing mechanisms into the application on the application server, not at the
database server. Relying on the application to perform auditing can give rise to
many problems because a large number of applications can potentially access the
database. Consequently, it is almost impossible to ensure that each one of these
applications is configured to perform the auditing properly.

What is needed is an auditing mechanism for database accesses which 
does not rely on applications outside of the database server to perform auditing. 

SUMMARY 

One embodiment of the present invention provides a system that
selectively audits accesses to a relational database system. This system starts by
receiving a query from a client at a database server. The system processes this
query at the database server to produce a query result. The system also creates an
audit record for rows in relational tables that are accessed by the query, and that
satisfy an auditing condition. Next, the system records the audit record in an audit
record store and returns the query result to the client. Integrating the auditing 
facility into the relational database system in this manner ensures that auditing is 
performed in the same way regardless of which application generates the query. 
Furthermore, this auditing is transparent to applications and users. 

In one embodiment of the present invention, the system additionally
modifies the query so that processing the query causes the audit record to be
created and recorded for rows in relational tables that are accessed by the query 
and that satisfy the auditing condition. In a variation on this embodiment, the 
auditing condition is associated with a table in the relational database system. 

In one embodiment of the present invention, the auditing condition
includes a plurality of auditing conditions.

In one embodiment of the present invention, the audit record includes a
user name for a user making the query, a time stamp specifying a time of the 
query, and a text of the query. 

In one embodiment of the present invention, the system determines if 
auditing is enabled, and if so, creates the audit record. 

In one embodiment of the present invention, auditing is enabled on a table 
by table basis. 

In one embodiment of the present invention, the audit record is created 
while the query result is being generated. 

In one embodiment of the present invention, the audit record is created 
after the query result is generated. 

In one embodiment of the present invention, the auditing condition 
includes a condition for a field within the relational database system. 

BRIEF DESCRIPTION OF THE FIGURES 

FIG. 1 illustrates a distributed computing system in accordance with an 
embodiment of the present invention. 

FIG. 2 illustrates a table within a relational database in accordance with an 
embodiment of the present invention. 

FIG. 3 is a flow chart illustrating the process of auditing a query in 
accordance with an embodiment of the present invention. 

FIG. 4 is a flow chart illustrating the process of reforming a query for 
auditing purposes in accordance with an embodiment of the present invention. 

DETAILED DESCRIPTION 

The following description is presented to enable any person skilled in the 
art to make and use the invention, and is provided in the context of a particular
application and its requirements. Various modifications to the disclosed
embodiments will be readily apparent to those skilled in the art, and the general
principles defined herein may be applied to other embodiments and applications
without departing from the spirit and scope of the present invention. Thus, the
present invention is not intended to be limited to the embodiments shown, but is
to be accorded the widest scope consistent with the principles and features 
disclosed herein. 

The data structures and code described in this detailed description are 
typically stored on a computer readable storage medium, which may be any device
or medium that can store code and/or data for use by a computer system. This
includes, but is not limited to, magnetic and optical storage devices such as disk
drives, magnetic tape, CDs (compact discs) and DVDs (digital video discs), and
computer instruction signals embodied in a transmission medium (with or without
a carrier wave upon which the signals are modulated). For example, the
transmission medium may include a communications network, such as the
Internet. 

Distributed Computing System 

FIG. 1 illustrates a distributed computing system 100 in accordance with
an embodiment of the present invention. Distributed computing system 100
includes a number of computer systems (nodes), including clients 102-104,
application server 108 and database server 110. Computer systems 102-104, 108
and 110 can generally include any type of computer system, including, but not
limited to, a computer system based on a microprocessor, a mainframe computer,
a digital signal processor, a personal organizer, a device controller, and a
computational engine within an appliance.

Computer systems 102-104, 108 and 110 are coupled together by a
computer network (not shown). This computer network can include any type of
wire or wireless communication channel capable of coupling together computing
nodes. This includes, but is not limited to, a local area network, a wide area
network, or a combination of networks. In one embodiment of the present
invention, this network includes the Internet.

Clients 102-104 can include any node on a network including
computational capability and including a mechanism for communicating across
the network. In the embodiment of the present invention illustrated in FIG. 1,
clients 102-104 communicate with application 107 located on application server
108. Application 107 in turn communicates with relational database 109 on
database server 110. Application server 108 and database server 110 can include
any node on a computer network including a mechanism for servicing requests
from a client for computational and/or data storage resources. Note that
application server 108 serves as a client for database server 110.

Database server 110 contains relational database 109. Relational database
109 can generally include any type of database system designed around relational
tables. Within relational database 109 there exist a number of mechanisms,
including query processor 120 and auditing mechanism 122. Query processor 120
operates on a number of relational tables 113, including table 114 and table 116.
Auditing mechanism 122 records audit records to audit record store 118.

Note that tables 113 and audit record store 118 reside on storage device
112, which is controlled by database server 110. Storage device 112 can include
any type of non-volatile storage device, such as non-volatile storage devices based
on magnetic, optical and/or magneto-optical storage devices. Storage device 112
can also include non-volatile semiconductor storage devices based on flash
memory or battery-backed up random access memory. Note that copies of
selected portions of tables 113 and audit record store 118 can also exist within
memory in database server 110.

Table Structure 

FIG. 2 illustrates the structure of table 114 within relational database 109
in accordance with an embodiment of the present invention. Table 114 has the
same structure as a typical table in a relational database, including a number of
rows containing various fields.

Table 114 also includes a row-level auditing flag 206 which indicates
whether auditing is enabled for the table. In another embodiment of the present
invention, the system includes a database-wide row-level auditing flag, which
enables row-level auditing for the entire relational database 109.

Table 114 is additionally associated with a number of auditing conditions,
including auditing condition 202 "salary > 1,000,000" and auditing condition 204
"title = 'CEO'". Auditing conditions 202 and 204 instruct relational database 109
to create an audit record for any rows that are accessed within table 114 that
include a salary field with a value greater than 1,000,000, or that include a title
field specifying a CEO. Accesses to other rows in table 114 that do not satisfy
either of these auditing conditions do not cause an audit record to be generated.

Process of Auditing a Query 

FIG. 3 is a flow chart illustrating the process of auditing a query in 
accordance with an embodiment of the present invention. The system starts by 
receiving a query 123 at relational database 109 within database server 110 from
application 107 within application server 108 (step 302).

The system first determines if auditing is enabled by checking all tables
referenced by the query to see if an auditing flag is set for the tables (step 303). If
auditing is not enabled, the system processes query 123 as usual to produce a
query result 124 (step 305), and then returns query result 124 (step 314). 

If auditing is enabled, the system modifies the query by inserting 
monitoring logic into query 123 (step 304). This monitoring logic causes an audit 
record to be created and recorded for any rows that satisfy an auditing condition.

In one embodiment of the present invention, query 123 is modified by 
inserting statements into query 123 to make query 123 call a function that creates 
and records auditing records if a row in a table satisfies the auditing conditions. 

In another embodiment of the present invention, modifying query 123
involves creating two separate queries. A first query additionally includes
restrictions based on the auditing conditions. This query produces audit records
only for rows that satisfy the auditing conditions. A second query is unmodified
from the initial query and is used to produce the query result.

In one embodiment of the present invention, the auditing condition is
specified for the entire relational database 109. In another embodiment, the
auditing condition is specified on a table-by-table basis. 

Next, the optimization layer performs view merging (step 305), and the 
system processes query 123 to produce the query result 124 (step 306). In doing 
so, the system creates an audit record for rows that are accessed by query 123 and 
that satisfy the auditing condition (step 310). Alternatively, the audit record can
be produced by running a second query at a later time to produce the audit record.

Note that the audit record includes a user name for a user making the
query, a time stamp specifying a time of the query, a text of the query and specific
variable bindings for the query.

The system then records the audit record in audit record store 118 (step
312) and then returns the query result 124 to application 107 (step 314).

Process of Reforming a Query

FIG. 4 is a flow chart illustrating the process of reforming a query for 
auditing purposes in accordance with an embodiment of the present invention. 
The system starts by receiving a query 123 at relational database 109 (step 402). 
The system next retrieves any auditing conditions that might exist for tables
involved in query 123, such as auditing conditions 202 and 204 associated with 
table 114 (step 404). 

If query 123 includes a statement that modifies a table within relational
database 109, such as a delete statement, an insert statement or an update
statement, the system uses pre-existing triggers in the database system to create
audit records for these statements (step 405). Note that a database system 
generally maintains a log of changes to database tables, so providing an auditing 
mechanism for these changes in addition to the log may be unnecessary. The 
system then processes query 123 to produce query result 124 (step 418). 

If query 123 includes a select statement, the system appends a case
statement to query 123 for each auditing condition using a view expansion
mechanism (step 406). For example, suppose that the auditing condition is DEPT
= 'SALES' and that query 123 is,

    SELECT * FROM payroll WHERE salary > 150000;

The system appends a case statement to the select statement as follows.

    SELECT * FROM
    (
        SELECT * FROM payroll
        WHERE (CASE WHEN (dept = 'SALES') THEN SYS_AUDIT()
               ELSE NOT NULL END) IS NOT NULL
    )
    WHERE salary > 150000

In this example, the case statement will cause the SYS_AUDIT() function to be
called if the auditing condition is satisfied. This SYS_AUDIT() function causes
an audit record to be created and recorded.

Note that the function SYS_AUDIT() always returns NOT NULL (unless
an error condition arises within SYS_AUDIT()). Therefore the predicate is
always evaluated as TRUE. Hence, the predicate does not affect the logic of
query 123, and the predicate can be safely applied to query 123.

Next, the query processor is allowed to allocate buffers for query 123 (step 
408). After the buffers are allocated, the system removes the case statement from 
query 123 (step 410). In one embodiment of the present invention, this involves 
moving a query filter list data structure that refers to the predicate to a temporary 
location in the query block data structure that contains all the meta-information 
for query 123. Moving the predicate in this way prevents the optimizer from 
reorganizing the CASE clause and query plan layer to allocate row source for the 
CASE clause. 

After optimization, the system generates a query plan for query 123 to 
specify an order in which the operations involved in query 123 are carried out 
(step 412). 

After the query plan is generated (but before generating the execution plan 
for any "GROUP BY" clause that may exist) the system generates an execution 
plan for the case statement so that the case statement is evaluated only for rows 
that satisfy all the preceding conditions in query 123 (step 414). In this way, an 
audit record is created only for rows that are accessed by query 123.

Next, the system processes query 123 to produce query result 124 (step 418). This
causes an audit record to be created (step 420) and recorded (step 422) for each
row that satisfies the conditions of query 123 as well as the auditing conditions.

Finally, the system returns query result 124 to the entity that issued query
123 (step 424).
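
An added example, not part of the application, that runs the FIG. 4 rewrite on SQLite through Python's sqlite3 module and compares the rewritten form as printed above with one that applies the audit predicate only to rows the query's own filter kept. The class RowAuditor, the emp_id column, the sample rows, the `ELSE 1` branch and the `LIMIT -1` barrier are assumptions made here.

```python
import sqlite3
from datetime import datetime, timezone


class RowAuditor:
    """Row-level auditing at the database side (hypothetical helper class)."""

    def __init__(self, conn, conditions):
        self.conn = conn
        self.conditions = conditions   # table name -> list of SQL audit conditions
        self.store = []                # plays the role of the audit record store
        self._ctx = ("", "")           # (user name, query text) of the running query
        # Expose the audit hook to SQL, like SYS_AUDIT() in the page's example.
        conn.create_function("sys_audit", 1, self._sys_audit)

    def _sys_audit(self, row_key):
        user, text = self._ctx
        self.store.append({
            "user": user,
            "time": datetime.now(timezone.utc).isoformat(),
            "query": text,
            "row": row_key,
        })
        return 1                       # never NULL, so the CASE predicate stays true

    def _predicate(self, table, key):
        any_condition = " OR ".join(f"({c})" for c in self.conditions[table])
        return (f"(CASE WHEN {any_condition} THEN sys_audit({key}) "
                "ELSE 1 END) IS NOT NULL")

    def reform_literal(self, table, key, where):
        """Rewritten form as printed on the page: audit predicate innermost."""
        return (f"SELECT * FROM (SELECT * FROM {table} "
                f"WHERE {self._predicate(table, key)}) WHERE {where}")

    def reform_ordered(self, table, key, where):
        """Audit predicate applied only to rows the query's own filter kept.

        LIMIT -1 means "no limit" in SQLite and keeps the planner from merging
        the two WHERE clauses, so sys_audit() sees only rows the inner query
        returned.
        """
        return (f"SELECT * FROM (SELECT * FROM {table} WHERE {where} LIMIT -1) "
                f"WHERE {self._predicate(table, key)}")

    def run(self, user, table, key, where, ordered=True):
        """Answer SELECT * FROM table WHERE where, auditing matching rows.

        `where` is the client's own predicate; audit conditions are set by
        the database administrator, never by the client.
        """
        original = f"SELECT * FROM {table} WHERE {where}"
        if not self.conditions.get(table):      # auditing not enabled for this table
            return self.conn.execute(original).fetchall()
        self._ctx = (user, original)
        reform = self.reform_ordered if ordered else self.reform_literal
        return self.conn.execute(reform(table, key, where)).fetchall()


def demo():
    """Run the page's example query over constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE payroll (emp_id INTEGER PRIMARY KEY, "
                 "name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO payroll VALUES (?, ?, ?, ?)", [
        (1, "Ada", "SALES", 200000),   # returned and subject to auditing
        (2, "Bo", "SALES", 90000),     # SALES, but filtered out by the query
        (3, "Cy", "ENG", 180000),      # returned, not subject to auditing
        (4, "Di", "ENG", 70000),
    ])
    auditor = RowAuditor(conn, {"payroll": ["dept = 'SALES'"]})
    where = "salary > 150000"
    plain = conn.execute(f"SELECT * FROM payroll WHERE {where}").fetchall()

    result = auditor.run("app_user", "payroll", "emp_id", where)
    ordered_rows = [rec["row"] for rec in auditor.store]

    auditor.store.clear()
    auditor.run("app_user", "payroll", "emp_id", where, ordered=False)
    literal_rows = [rec["row"] for rec in auditor.store]
    return plain, result, ordered_rows, literal_rows


if __name__ == "__main__":
    plain, result, ordered_rows, literal_rows = demo()
    print("query result unchanged:", result == plain)
    print("rows audited, ordered form:", ordered_rows)
    print("rows audited, literal form:", literal_rows)
```

With the literal form, SQLite is free to test the audit predicate before `salary > 150000`, so a SALES row the query never returns can still produce an audit record; steps 408 to 414 above exist to prevent that inside the query processor.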

The foregoing descriptions of embodiments of the invention have been 
presented for purposes of illustration and description only. They are not intended 
to be exhaustive or to limit the present invention to the forms disclosed. 
Accordingly, many modifications and variations will be apparent to practitioners 
skilled in the art. Additionally, the above disclosure is not intended to limit the
present invention. The scope of the present invention is defined by the appended 
claims.

What Is Claimed Is:

1. A method for selectively auditing accesses to a relational database
system, comprising:
    receiving a query from a client at a database server that processes queries
    for the relational database system;
    processing the query at the database server to produce a query result;
    creating an audit record for rows in relational tables that are accessed by
    the query and that satisfy an auditing condition;
    recording the audit record in an audit record store; and
    returning the query result to the client.

2. The method of claim 1, further comprising modifying the query
prior to processing the query, so that processing the query causes the audit record
to be created and recorded for rows in relational tables that are accessed by the
query and that satisfy the auditing condition.

3. The method of claim 1, wherein the auditing condition is
associated with a table in the relational database system.

4. The method of claim 1, wherein the auditing condition includes a
plurality of auditing conditions.

5. The method of claim 1, wherein the audit record includes:
    a user name for a user making the query;
    a time stamp specifying a time of the query; and
    a text of the query.

6. The method of claim 1, wherein creating the audit record includes:
    determining if auditing is enabled; and
    creating the audit record if auditing is enabled.

7. The method of claim 6, wherein auditing is enabled on a table by
table basis.

8. The method of claim 1, wherein the audit record is created while
the query result is being generated.

9. The method of claim 1, wherein the audit record is created after the
query result is generated.

10. The method of claim 1, wherein the auditing condition includes a
condition for a field within the relational database system.

11. A computer-readable storage medium storing instructions that
when executed by a computer cause the computer to perform a method for
selectively auditing accesses to a relational database system, the method
comprising:
    receiving a query from a client at a database server that processes queries
    for the relational database system;
    processing the query at the database server to produce a query result;
    creating an audit record for rows in relational tables that are accessed by
    the query and that satisfy an auditing condition;
    recording the audit record in an audit record store; and
    returning the query result to the client.



12. The computer-readable storage medium of claim 11, wherein the
method further comprises modifying the query prior to processing the query, so
that processing the query causes the audit record to be created and recorded for
rows in relational tables that are accessed by the query and that satisfy the auditing
condition.

13. The computer-readable storage medium of claim 11, wherein the
auditing condition is associated with a table in the relational database system.

14. The computer-readable storage medium of claim 11, wherein the
auditing condition includes a plurality of auditing conditions.

15. The computer-readable storage medium of claim 11, wherein the
audit record includes:
    a user name for a user making the query;
    a time stamp specifying a time of the query; and
    a text of the query.

16. The computer-readable storage medium of claim 11, wherein
creating the audit record includes:
    determining if auditing is enabled; and
    creating the audit record if auditing is enabled.

17. The computer-readable storage medium of claim 16, wherein
auditing is enabled on a table by table basis.

18. The computer-readable storage medium of claim 11, wherein the
audit record is created while the query result is being generated.

19. The computer-readable storage medium of claim 11, wherein the
audit record is created after the query result is generated.

20. The computer-readable storage medium of claim 11, wherein the
auditing condition includes a condition for a field within the relational database
system.

21. An apparatus that selectively audits accesses to a relational
database system, comprising:
    a database server;
    a receiving mechanism, at the database server, that is configured to receive
    a query from a client;
    a query processor that is configured to process the query at the database
    server to produce a query result;
    an auditing mechanism that is configured to,
        create an audit record for rows in relational tables that are
        accessed by the query and that satisfy an auditing condition, and to
        record the audit record in an audit record store; and
    a returning mechanism that returns the query result to the client.

22. The apparatus of claim 21, further comprising a query modification
mechanism that is configured to modify the query prior to processing the query, so
that processing the query causes the audit record to be created and recorded for
rows in relational tables that are accessed by the query and that satisfy the auditing
condition.



23. The apparatus of claim 21, wherein the auditing condition is
associated with a table in the relational database system.

24. The apparatus of claim 21, wherein the auditing condition includes
a plurality of auditing conditions.

25. The apparatus of claim 21, wherein the audit record includes:
    a user name for a user making the query;
    a time stamp specifying a time of the query; and
    a text of the query.

26. The apparatus of claim 21, wherein the auditing mechanism is
configured to:
    determine if auditing is enabled; and to
    create the audit record if auditing is enabled.

27. The apparatus of claim 26, wherein the auditing mechanism is
configured to enable auditing on a table by table basis.

28. The apparatus of claim 21, wherein the auditing mechanism is
configured to create the audit record while the query result is being generated.

29. The apparatus of claim 21, wherein the auditing mechanism is
configured to create the audit record after the query result is generated.

30. The apparatus of claim 21, wherein the auditing condition includes
a condition for a field within the relational database system.

ABSTRACT 

One embodiment of the present invention provides a system that 
selectively audits accesses to a relational database system. This system starts by 
receiving a query from a client at a database server. The system processes this 
query at the database server to produce a query result. The system also creates an 
audit record for rows in relational tables that are accessed by the query, and that 
satisfy an auditing condition. Next, the system records the audit record in an audit 
record store and returns the query result to the client. Integrating the auditing 
facility into the relational database system in this manner ensures that auditing is 
performed in the same way regardless of which application generates the query. 
Furthermore, this auditing is transparent to applications and users. In one 
embodiment of the present invention, the system additionally modifies the query 
so that processing the query causes the audit record to be created and recorded for 
rows in relational tables that are accessed by the query and that satisfy the auditing 
condition. In a variation on this embodiment, the auditing condition is associated 
with a table in the relational database system.

COMBINED DECLARATION AND POWER OF ATTORNEY

As a below-named inventor, I hereby declare that:

My residence, post office address and citizenship are as stated below by my name;

I believe I am the original, first and sole inventor, if only one name is listed below, or an original, first and joint inventor if multiple
names are listed below, of the subject matter which is claimed and for which a patent is sought on the invention entitled:

SELECTIVELY AUDITING ACCESSES TO ROWS WITHIN A RELATIONAL DATABASE AT A DATABASE SERVER

for which a patent application:
☒ is attached hereto.
□ was filed in the United States on _ as Application No. _;
□ with amendment(s) filed on (if applicable).

I hereby state that I have reviewed and understand the contents of the application identified above, including the claims, as
amended by any amendment referred to above.

I acknowledge the duty to disclose information known to me to be material to the examination of this application in accordance
with Title 37, Code of Federal Regulations, §1.56, which states in relevant part:

Each individual associated with the filing and prosecution of a patent application has a duty of candor and good faith in dealing with the
Office, which includes a duty to disclose to the Office all information known to that individual to be material to patentability as defined in
this section.... The duty to disclose all information known to be material to patentability is deemed to be satisfied if all information known
to be material to patentability of any claim issued in a patent was cited by the Office or submitted to the Office....

I hereby claim foreign priority benefits under Title 35, United States Code, §119(a)-(d), of any foreign application(s) for patent or
inventor's certificate as indicated below and have also identified below any foreign application for patent or inventor's certificate on
this invention having a filing date before that of the application on which priority is claimed:

EARLIEST FOREIGN APPLICATION(S), IF ANY, FILED PRIOR TO THE FILING DATE OF THE APPLICATION

APPLICATION NUMBER | COUNTRY | DATE OF FILING (Day, Month, Year) | PRIORITY CLAIMED (YES □ NO □)

I hereby claim the benefit under Title 35, United States Code, §119(e), of any United States provisional application(s) listed below:

APPLICATION NUMBER | DATE OF FILING

I hereby claim the benefit under Title 35, United States Code, §120, of any United States application(s) listed below and, insofar as
the subject matter of each of the claims of this application is not disclosed in the prior United States application in the manner
provided by the first paragraph of Title 35, United States Code, §112, I acknowledge the duty to disclose information that is
material to patentability as defined in Title 37, Code of Federal Regulations, §1.56, which became available between the filing date
of the prior application and the national or PCT international filing date of this application:

APPLICATION NUMBER | DATE OF FILING | STATUS (PATENTED, PENDING, ABANDONED)

Attorney Docket No. OR00-00801

Sanjay Prasad (Reg. No. 36,247) of the Oracle Corporation to prosecute this application and transact all business in the Patent and
Trademark Office connected therewith, and to file, prosecute and transact all business in connection with international applications

Address correspondence to:
Park & Vaughan LLP
508 Second Street, Suite 201
Davis, CA 95616

Direct telephone calls to:
A. Richard Park
(530) 759-1661

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information and
belief are believed to be true, and further that these statements were made with the knowledge that willful false statements and the
like so made are punishable by fine or imprisonment, or both, under Title 18, United States Code, §1001, and that such willful false
statements may jeopardize the validity of the application or any patent issued thereon.

Inventor 1
Name and Citizenship: Daniel ManHung Wong, United States of America
Residence Address: 7425 Durfee Way, Sacramento, CA 95831

Inventor 2
Name and Citizenship: Chon Hei Lei, United States of America
Residence Address: 352 Sweet Road, Alameda, CA 94502

Inventor 3
Name and Citizenship: Patrick F. Sack, United States of America
Residence Address: 21660 Mitchell Court, Ashburn, VA 20147

Additional inventor name(s) and signature(s) attached?: YES □ NO ☒
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Attorney Docket No. OR00-00801 

COMBINED DECLARATION AND POWER OF ATTORNEY 

As a below-named inventor, I hereby declare that: 

My residence, post office address and citizenship are as stated below by my name; 

I believe I am the original, first and sole inventor, if only one name is listed below, or an original, first and joint inventor if multiple 
names are listed below, of the subject matter which is claimed and for which a patent is sought on the invention entitled: 

SELECTIVELY AUDITING ACCESSES TO ROWS WITHIN A RELATIONAL DATABASE AT A DATABASE SERVER 

for which a patent application: 
☒ is attached hereto.

□ was filed in the United States on _ as Application No. _; 

□ with amendment(s) filed on (if applicable). 

I hereby state that I have reviewed and understand the contents of the application identified above, including the claims, as 
amended by any amendment referred to above. 

I acknowledge the duty to disclose information known to me to be material to the examination of this application in accordance
with Title 37, Code of Federal Regulations, §1.56, which states in relevant part:

Each individual associated with the filing and prosecution of a patent application has a duty of candor and good faith in dealing with the 
Office, which includes a duty to disclose to the Office all information known to that individual to be material to patentability as defined in 
this section.... The duty to disclose all information known to be material to patentability is deemed to be satisfied if all information known 
to be material to patentability of any claim issued in a patent was cited by the Office or submitted to the Office. . . . 



I hereby claim foreign priority benefits under Title 35, United States Code, §119(a)-(d), of any foreign application(s) for patent or
inventor's certificate as indicated below and have also identified below any foreign application for patent or inventor's certificate on 
this invention having a filing date before that of the application on which priority is claimed: 



EARLIEST FOREIGN APPLICATION(S), IF ANY, FILED PRIOR TO THE FILING DATE OF THE APPLICATION 


APPLICATION NUMBER 


COUNTRY 


DATE OF FILING 
(Day, Month, Year) 


PRIORITY CLAIMED 








YES □ NO □ 



I hereby claim the benefit under Title 35, United States Code, §119(e), of any United States provisional application(s) listed below:



APPLICATION NUMBER 


DATE OF FILING 







I hereby claim the benefit under Title 35, United States Code, §120, of any United States application(s) listed below and, insofar as 
the subject matter of each of the claims of this application is not disclosed in the prior United States application in the manner 
provided by the first paragraph of Title 35, United States Code, §112, I acknowledge the duty to disclose information that is
material to patentability as defined in Title 37, Code of Federal Regulations, §1.56, which became available between the filing date 
of the prior application and the national or PCT international filing date of this application: 



APPLICATION NUMBER 


DATE OF FILING 


STATUS 


PATENTED 


PENDING 


ABANDONED 













I hereby appoint Daniel E. Vaughan (Reg. No. 42,199) and A. Richard Park (Reg. No. 41,241) of PARK & VAUGHAN and 
Sanjay Prasad (Reg. No. 36,247) of the Oracle Corporation to prosecute this application and transact all business in the Patent and
Trademark Office connected therewith, and to file, prosecute and transact all business in connection with international applications 
directed to said invention. 

Address correspondence to: 
Park & Vaughan LLP 

508 Second Street, Suite 201
Davis, CA 95616

22835
PATENT TRADEMARK OFFICE

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information and 
belief are believed to be true; and further that these statements were made with the knowledge that willful false statements and the 
like so made are punishable by fine or imprisonment, or both, under Title 18, United States Code, §1001, and that such willful false
statements may jeopardize the validity of the application or any patent issued thereon. 



Direct telephone calls to: 
A. Richard Park 
(530) 759-1661 





Name and Citizenship 


Daniel ManHung Wong 


United States of America 


1 


Residence Address 


7425 Durfee Way, Sacramento, CA 95831 


Postal Address (if 

different from Residence) 






Signature and Date 




Date 




Name and Citizenship 


Chon Lei 


United States of America 


2 


Residence Address 


352 Sweet Road, Alameda, CA 94502 


Postal Address (if 
different from Residence) 






Signature and Date 




Date 




Name and Citizenship 


Patrick F. Sack


United States of America 


3 


Residence Address 


21660 Mitchell Court, Ashburn, VA 20147 


Postal Address (if 

different from Residence)






Signature and Date








Name and Citizenship 






4 


Residence Address 




Postal Address (if 

different from Residence) 






Signature and Date 




Date 




Name and Citizenship 






5 


Residence Address 




Postal Address (if 

different from Residence) 






Signature and Date 




Date 



Additional inventor name(s) and signature(s) attached?: YES □ NO ☒

POWER OF ATTORNEY BY ASSIGNEE TO EXCLUSION OF INVENTOR UNDER
37 C.F.R. § 3.71 WITH REVOCATION OF PRIOR POWERS



Inventor(s): Daniel ManHung Wong, et al.
Title: SELECTIVELY AUDITING ACCESSES TO ROWS WITHIN A RELATIONAL DATABASE AT A DATABASE SERVER
Docket No: OR00-00801
Serial No.: To Be Assigned
Filing Date: To Be Assigned
Group Art Unit: To Be Assigned
Examiner: To Be Assigned



The undersigned ASSIGNEE of the entire interest in the above-identified application for
letters patent hereby appoints Sanjay Prasad, Registration No. 36,247, Roger P. Kennedy,
Registration No. 44,823 and Christopher Brokaw, Registration No. P-45,620 of ORACLE
CORPORATION, and A. Richard Park, Registration No. 41,241 and Daniel E. Vaughan,
Registration No. 42,199 of PARK & VAUGHAN LLP, to prosecute this application and transact all
business in the United States and Trademark Office in connection therewith and hereby revokes all
prior powers of attorney; said appointment to be to the exclusion of the inventors and the inventors'
attorneys in accordance with the provisions of 37 C.F.R. § 3.71.

The following evidentiary documents establish a chain of title from the original owner to the 
Assignee: 

a copy of an Assignment attached hereto, which Assignment has been (or is herewith) 
forwarded to the Patent and Trademark Office for recording; or 



x 



the Assignment recorded on _ at reel _ frames _.



Pursuant to 37 C.F.R. § 3.73(b) the undersigned Assignee hereby states that evidentiary
documents have been reviewed and hereby certifies that, to the best of ASSIGNEE'S knowledge and
belief, title is in the identified ASSIGNEE.

Please direct all telephone calls and correspondence to: A. Richard Park, Park & Vaughan
LLP, 508 Second Street, Suite 201, Davis, CA 95616, tel: (530) 759-1661.

ASSIGNEE: Orac 

Signature: (Signature)
Name: Sanjay Prasad
Title: Chief Patent Counsel